Leopard to feature code signing
According to this public article on the Apple Developer Connection (ADC) website, Leopard is going to feature digital code signing.
Also new in Leopard is code signing. This means that Leopard will be able to identify applications by using digital signatures and then use that identification to base trust decisions on.
In this age of spyware, trojans and other malware it makes sense from a security perspective - but at the same time it's a bit of a bombshell snuck in there. Who is going to be doing this code signing and how much is it going to cost (you can bet it won't be free)? Will it put a damp blanket over the Mac shareware market if users get a dialog popping up saying that code isn't digitally signed and that the user should exercise caution? I imagine it will put fresh Windows switchers right off as they know full well the dangers of running untrusted code.
I wish Apple would be a bit more open about these things rather than giving little offhanded mentions to something that could have a major impact on many of our businesses. Admittedly I've not renewed my ADC Select membership just yet, but even so something as big as this should hardly be under NDA.
Update
It sounds like this isn't nearly as bad as it comes across from the paragraph I quoted. See the comments for details.








2 Comments:
I can't tell you much without (totally) violating my WWDC NDA, but suffice it to say that this is not as bad as you think it is.
Anyone at all can easily make a new signing identity and use it to sign an application they just compiled.
The main objective of code signing in Leopard is not the same as for SSL certificates -- it is not to evaluate the trust or confidence of something based on a list of trusted certificate authorities.
Rather, it is to provide a much better means for users to identify applications. A good example is software updates. Right now, if a user updates your application, and your application asks for an item in the user's keychain, the user will get a Keychain warning telling him the application has changed.
With code signing, the user will get that dialog once, the first time he or she runs your application, and if you sign every future version of that application, the system will not bother the user again, because instead of using for example a hash of the application, it will now be using the code signature.
Thanks for clearing that up, it doesn't sound too bad. I was worried I'd have to start forking over thousands to Verisign every year.
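The difference the first comment describes, between identifying an application by a hash of its code and identifying it by its code signature, can be sketched as follows. This is an added example, not Apple's implementation and not code from the post or its comments; the names Bundle, HashACL, SigACL and Scenario are hypothetical, Ed25519 is chosen only for the sketch, and the application contents are constructed sample bytes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Bundle is a constructed stand-in for an application: its code, a signature
// over that code, and the public half of the self-made signing identity.
type Bundle struct {
	Code   []byte
	Sig    []byte
	Signer ed25519.PublicKey
}

// Sign signs code with a locally generated identity; no certificate authority is involved.
func Sign(code []byte, priv ed25519.PrivateKey) Bundle {
	pub := priv.Public().(ed25519.PublicKey)
	return Bundle{Code: code, Sig: ed25519.Sign(priv, code), Signer: pub}
}

// HashACL models hash-based identification: the approval is tied to exact bytes.
type HashACL struct{ trusted [32]byte }

func (a HashACL) Prompts(b Bundle) bool { return sha256.Sum256(b.Code) != a.trusted }

// SigACL models signature-based identification: the approval is tied to the signer.
type SigACL struct{ signer ed25519.PublicKey }

func (a SigACL) Prompts(b Bundle) bool {
	// Prompt if the signer differs or the signature does not cover this code.
	return !a.signer.Equal(b.Signer) || !ed25519.Verify(b.Signer, b.Code, b.Sig)
}

// Scenario approves v1 once, then reports whether each later launch would prompt.
func Scenario() (hashUpdate, sigUpdate, sigModified, sigOtherSigner bool) {
	_, dev, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	_, other, _ := ed25519.GenerateKey(nil)
	v1 := Sign([]byte("app v1.0 (constructed)"), dev)
	v2 := Sign([]byte("app v1.1 (constructed)"), dev)
	modified := v2
	modified.Code = []byte("app v1.1 changed after signing")
	h, s := HashACL{sha256.Sum256(v1.Code)}, SigACL{v1.Signer}
	return h.Prompts(v2), s.Prompts(v2), s.Prompts(modified), s.Prompts(Sign(v2.Code, other))
}

func main() {
	fmt.Println(Scenario())
}
```

The four results are, in order: a signed update under the hash model, the same update under the signature model, a bundle changed after signing, and the same code signed by a different identity.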